If you’ve installed Chrome plugins, you’ve probably seen a warning that they can access your data on all websites, your tabs and browsing activity, or even all the data on your computer. This warning can be scary, especially if you’re installing a simple browser extension that looks harmless.

Plugin Permissions

Unlike Mozilla Firefox and Internet Explorer7 Useful Tips & Tricks For Internet Explorer 9 Users7 Useful Tips & Tricks For Internet Explorer 9 UsersTech websites write a lot about Google Chrome and Mozilla Firefox, so it’s easy to feel a bit left out if you use Internet Explorer. Internet Explorer 9 is easily the best version of Internet...Read More, both of which allow extensions to do anything they want, Chrome uses a permission system for its extensions. All Chrome plugins must declare the permissions they need. When you install a plugin, you’ll see a list of the permissions it requires. This gives you some idea of what a plugin can do. For example, if an extension doesn’t require any permissions, it’s definitely safe to install. If an extension requires permission to access all the data on your computer, you should be sure the extension was created by someone you trust.

Very simple plugins, such as the Timer plugin, which displays a timer button on your browser toolbar and doesn’t interact with any websites, don’t need any permissions.

Other plugins need different types of permissions, depending on what they do.

Access Your Data On All Websites

Plugins that interact with web pages need to declare the permissions “Access your data on all websites.” Plugins that need to see the addresses and titles of the websites you visit must declare the permission “Access your tabs and browsing activity“.

Other less-invasive extensions may also request these permissions. Any extension that works by running JavaScript code on the websites you visit must be able to “Access your data on all websites“. For example, the colorPicker plugin allows you to select a color used on the current website and view its exact color code. It functions by running JavaScript code on the current page, so it must be able to access all your data.

Access All Data On Your Computer

Some Chrome plugins aren’t just Chrome extensions. They include NPAPI plugins. NPAPI plugins are essentially just programs that run on your computer. Browser plugins like Adobe Flash, Oracle JavaIs Java Unsafe & Should You Disable It?Is Java Unsafe & Should You Disable It?Oracle’s Java plug-in has become less and less common on the Web, but it’s become more and more common in the news. Whether Java is allowing over 600,000 Macs to be infected or Oracle is...Read More, and Adobe’s PDF reader are all NPAPI plug-ins.

When a Chrome extension contains an NPAPI plugin, it has the permission to “Access all data on your computer and the websites you visit.” The NPAPI plugin runs just like a program on your computer with access to your everything on your system. You should be careful about installing Chrome plugins with this permission – it’s just like installing a program on your computer.

For example, LastPass has a special version of its Chrome plugin available from its website. This plugin has the ability to share your LastPass login state with other web browsers running on your computer. It works by using an NPAPI plugin that runs as a program on your computer.

Plugins In Other Browsers

While Chrome’s permission warning messages can seem a bit scary to some users, it’s important to consider that the situation is worse with other web browsers.

If you pay attention while installing a Firefox add-on, you’ll see a similar warning message, although it’s less specific than Chrome’s warning message.

This also applies to all other software on your computer. When you install a Windows desktop application, it has full access to every file on your computer and the ability to monitor your browsing activity – if it wants to.

While it would be nice if Chrome’s extension permission system was more fine-grained, it would be extremely difficult to limit what more powerful extensions can do. To see a full list of Chrome plugin permission and a short explanation of each, read this page on Google’s website.

How much attention do you pay to permissions when you install Chrome plugins? Have you avoided installing plugins when they ask for lots of permissions, or does Chrome’s permission system provide so many warnings that you ignore them? Leave a comment and share your thoughts!

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

gemini

May 9, 2013 at 1:38 pm

i cannot install ant addons asking for access all data. i may not have a problem if they collect my browsing history, since their function may well depend on it, but the thought that they can collect passwords (when it is not their main function) is quite scary. basically i can own a rolls royce that has a renault interior and i cannot buy any options because of these permissions.

Further I don't like Chrome because of privacy concerns. Why the hell I need a google account to install addons. Chrome webstore takes minutes to load. And if I use other chromium-based browsers, google doesn't allow to install extensions, nor user scripts.

Basically, I don't like to put all my eggs in one basket.

I prefer DuckDuckGo than google search.
Outlook/ Rediffmail over gmail.
Facebook/ Twitter over g+(worst social network).

Ha, ha, ha, this article is brilliantly written but is quite a laugh. So, those of you who think denying an app permissions is protecting your privacy? All your information is already known by large secretive U.S corporations, they control the world and all of us like little puppets, using their media to herd us left or right. Don't worry about plugins, Google already knows how fast you can walk, your gate and how many hairs you have on your left bumb cheek. I wouldn't worry about plugins when military satellites can peer through your roof from space and in high definition.

Well, yeh Chris you are absolutely correct in that, anyone can theoretically gain access through a plugin, but then again, these days anyone can anyway, through war driving on a simple Android smartphone, even WEP, WPA etc etc keys can be cracked with the correct algorithm. A private citizen can do this all if they so wished, I reckon the problems are much deeper than a simple hacker or a poor geek who has found a way to feed his starving family, like Robin of the Hood. As long as the poor keep getting poorer, and the rich Western piggies keep getting fatter and destroying our fragile ecology even more than they have already with among other things, Nuclear weapons and the dictation of 'proper societal structuring', as long as this continues, there will always be a 'robin hood' or, if he steals money from you or I, a 'thief', in the woodwork. The increasing of policing of the internet is just an extension of the already chaotic police society created by Western Fear paradigm, built through using the media to propagate mass fear where, in fact, the very cause of those terrorism acts where the gestapo's actions in the first place. I wonder who the real people are that need to be feared? Let me just make clear that I in no way condone violence to bring about any change and I believe that the central problem in our modern society is greed, plain and simple, greed, it is why, the powerful want to control and it is why those made to suffer rise up in violent protest and action. I mean, if your kids where starving, what would you do? If bombs where falling out the sky, what would you do? This I am seeing here is simply another form of control by those who have power and priveledge, trying to steer the 'sheep' into the little boxes of control they they see as the route to providing the greatest profit for their greedy fat pale bellies. But no matter what you or I do or say, it will never change what 'they' want to happen. No amount of violence, hatred, killing, bribing, can stop what those in power wish to accomplish for their own benefit. That is, I am afraid, human nature and ultimate power corrupts, completely and totally, regardless of the 'constitution', man will always mold words to fit his/her objective. I just wish people would listen to the words of their forfathers, who knew about things such as greed, corruption and destruction. If we followed the wise of old we would not be doing this to ourselves and to our brothers and sisters. SO, in conclusion, Google will do what they want to do, we are the sheep and must follow, what was once completely 'free' will be made 'controlled' due to greed and glutony, not privacy and safety. One day when man has turned all that was good and clean into a twisted knot of filth, hate, greed and lust, then, maybe, then we will see in the mirror what we have become, me, you and I, included, and maybe then, we will all decide in one single moment, to treat others as we ourselves would like to be treated.

I have a ton of shit in my devices and guess what? IDGAF if anyone is watching. And I think that MUO is not the best place for your shitty pseudo-manifesto, maybe a personal blog would be better.

Anonymous

November 16, 2012 at 5:24 am

They need to take this to the next level and explain WHY? Sometimes the reasons are not obvious. But if it listed explicity why it was accessing what it does then I could at least attempt to make a good choice.

well..as long as a chrome extension gets the job done i dont really care what all permissions its asking for ...though i definitely hope that it does not do anything malicious ..i dont know but i hope that google checks for such malicious stuff before it adds any extension to its store.

I know my way around computers so the warnings are okay with me. Though it's meant to ensure safety, it'll scare common users or induce some sort of paranoia.Basic rules: If you don't know the program asking you permissions, chances are they're not meant to be there. Chrome is a pretty good browser but maybe not as user friendly.